
Fixed #17944 -- Prevented an error in the user change page of the adm…

…in when the content of the password field doesn't match the expected format. Thanks saxix for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17775 bcc190cf-cafb-0310-a4f2-bffc1f526a37
1 parent 1e28567 commit a8d0fc10015be745c5d274b990d94dfb7d57c9d5 @aaugustin aaugustin committed
Showing with 120 additions and 44 deletions.
  1. +92 −38 django/contrib/auth/fixtures/authtestdata.json
  2. +9 −5 django/contrib/auth/forms.py
  3. +19 −1 django/contrib/auth/tests/forms.py
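--- a/django/contrib/auth/fixtures/authtestdata.json
+++ b/django/contrib/auth/fixtures/authtestdata.json
@@ -1,55 +1,109 @@
 [
 {
- "pk": "1",
- "model": "auth.user",
+ "pk": "1",
+ "model": "auth.user",
 "fields": {
- "username": "testclient",
- "first_name": "Test",
- "last_name": "Client",
- "is_active": true,
- "is_superuser": false,
- "is_staff": false,
- "last_login": "2006-12-17 07:03:31",
- "groups": [],
- "user_permissions": [],
- "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
- "email": "testclient@example.com",
+ "username": "testclient",
+ "first_name": "Test",
+ "last_name": "Client",
+ "is_active": true,
+ "is_superuser": false,
+ "is_staff": false,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
+ "email": "testclient@example.com",
 "date_joined": "2006-12-17 07:03:31"
 }
 },
 {
- "pk": "2",
- "model": "auth.user",
+ "pk": "2",
+ "model": "auth.user",
 "fields": {
- "username": "inactive",
- "first_name": "Inactive",
- "last_name": "User",
- "is_active": false,
- "is_superuser": false,
- "is_staff": false,
- "last_login": "2006-12-17 07:03:31",
- "groups": [],
- "user_permissions": [],
- "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
+ "username": "inactive",
+ "first_name": "Inactive",
+ "last_name": "User",
+ "is_active": false,
+ "is_superuser": false,
+ "is_staff": false,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
 "email": "testclient2@example.com",
 "date_joined": "2006-12-17 07:03:31"
 }
 },
 {
- "pk": "3",
- "model": "auth.user",
+ "pk": "3",
+ "model": "auth.user",
 "fields": {
- "username": "staff",
- "first_name": "Staff",
- "last_name": "Member",
- "is_active": true,
- "is_superuser": false,
- "is_staff": true,
- "last_login": "2006-12-17 07:03:31",
- "groups": [],
- "user_permissions": [],
- "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
- "email": "staffmember@example.com",
+ "username": "staff",
+ "first_name": "Staff",
+ "last_name": "Member",
+ "is_active": true,
+ "is_superuser": false,
+ "is_staff": true,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
+ "email": "staffmember@example.com",
+ "date_joined": "2006-12-17 07:03:31"
+ }
+ },
+ {
+ "pk": "4",
+ "model": "auth.user",
+ "fields": {
+ "username": "empty_password",
+ "first_name": "Empty",
+ "last_name": "Password",
+ "is_active": true,
+ "is_superuser": false,
+ "is_staff": false,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "",
+ "email": "empty_password@example.com",
+ "date_joined": "2006-12-17 07:03:31"
+ }
+ },
+ {
+ "pk": "5",
+ "model": "auth.user",
+ "fields": {
+ "username": "unmanageable_password",
+ "first_name": "Unmanageable",
+ "last_name": "Password",
+ "is_active": true,
+ "is_superuser": false,
+ "is_staff": false,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "$",
+ "email": "unmanageable_password@example.com",
+ "date_joined": "2006-12-17 07:03:31"
+ }
+ },
+ {
+ "pk": "6",
+ "model": "auth.user",
+ "fields": {
+ "username": "unknown_password",
+ "first_name": "Unknown",
+ "last_name": "Password",
+ "is_active": true,
+ "is_superuser": false,
+ "is_staff": false,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "foo$bar",
+ "email": "unknown_password@example.com",
 "date_joined": "2006-12-17 07:03:31"
 }
 }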
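--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -29,14 +29,18 @@ def render(self, name, value, attrs):
 encoded = smart_str(encoded)
 if len(encoded) == 32 and '$' not in encoded:
- hasher = get_hasher('unsalted_md5')
+ algorithm = 'unsalted_md5'
 else:
 algorithm = encoded.split('$', 1)[0]
- hasher = get_hasher(algorithm)
- summary = ""
- for key, value in hasher.safe_summary(encoded).iteritems():
- summary += "<strong>%(key)s</strong>: %(value)s " % {"key": ugettext(key), "value": value}
+ try:
+ hasher = get_hasher(algorithm)
+ except ValueError:
+ summary = "<strong>%s</strong>" % ugettext("Invalid password format or unknown hashing algorithm.")
+ else:
+ summary = ""
+ for key, value in hasher.safe_summary(encoded).iteritems():
+ summary += "<strong>%(key)s</strong>: %(value)s " % {"key": ugettext(key), "value": value}
 return mark_safe("<div%(attrs)s>%(summary)s</div>" % {"attrs": flatatt(final_attrs), "summary": summary})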
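Review bot: The values returned by `hasher.safe_summary(encoded)` are interpolated into the markup unescaped and the result is then passed to `mark_safe`, so any part of the stored password field that survives into the summary is rendered as HTML in the admin. Since this commit is specifically about field content that does not match the expected format, escape both parts when building each row, e.g. `summary += "<strong>%s</strong>: %s " % (escape(ugettext(key)), escape(value))` with `escape` from `django.utils.html` (whether it is already imported is not visible here). Separately, only `get_hasher()` sits inside the `try`; if `safe_summary()` can itself raise on a malformed value for a known algorithm, that call in the `else` branch is still unguarded and none of the three new fixtures would exercise it. `render()` starts above this hunk.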
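--- a/django/contrib/auth/tests/forms.py
+++ b/django/contrib/auth/tests/forms.py
@@ -65,7 +65,6 @@ def test_both_passwords(self):
 def test_success(self):
 # The success case.
-
 data = {
 'username': 'jsmith@example.com',
 'password1': 'test123',
@@ -236,6 +235,25 @@ class Meta(UserChangeForm.Meta):
 # Just check we can create it
 form = MyUserForm({})
+ def test_bug_17944_empty_password(self):
+ user = User.objects.get(username='empty_password')
+ form = UserChangeForm(instance=user)
+ # Just check that no error is raised.
+ form.as_table()
+
+ def test_bug_17944_unmanageable_password(self):
+ user = User.objects.get(username='unmanageable_password')
+ form = UserChangeForm(instance=user)
+ # Just check that no error is raised.
+ form.as_table()
+
+ def test_bug_17944_unknown_password_algorithm(self):
+ user = User.objects.get(username='unknown_password')
+ form = UserChangeForm(instance=user)
+ # Just check that no error is raised.
+ form.as_table()
+
+
 UserChangeFormTest = override_settings(USE_TZ=False)(UserChangeFormTest)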
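Review bot: The three new tests in the second hunk call `form.as_table()` and discard the result, so they would still pass if the widget started echoing the stored value or dropped the fallback message. Capture the output and assert on it, e.g. `html = form.as_table()` followed by `self.assertIn("Invalid password format or unknown hashing algorithm.", html)` and, for the `unknown_password` user, `self.assertNotIn("foo$bar", html)`. Which branch the empty-password fixture takes depends on a usability check that is not visible in this commit, so confirm its expected output before asserting on it. The enclosing test class starts above the hunk.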
